Privacy, Security & Compliance
This section provides information on Kudos Travel Technology’s application security and compliance.

Application Security & Compliance
Data Encryption at Rest
Data Encryption in Transit
Vulnerability & Penetration Test (weekly)
ASV External Scans (monthly)
Advanced threat detection via AWS GuardDuty
SAML2 based SSO support
PCI DSS v3.2.1
Organisational Security
Kudos' security measures go far beyond securing just our applications. We have a variety of security measures in place across the company – built with best practices in mind and customised to the Kudos Travel Technology environment.
Team
We have a dedicated security team focused on keeping our business and clients protected. In addition to investing in specialist training, we’re also a corporate member of the Chartered Institute of Information Security (CIIS) to ensure our team is continually developing their skills and knowledge.
Policies
We maintain a variety of policies including an Information Security Policy as part of our Information Security Management System (ISMS).
Certifications
Kudos holds a Certificate of Compliance for PCI DSS, version 3.2.1 (Level 1) under the category SAQ D for Service Providers for the protection of Cardholder Data (CD).

Qualified Security Assessor (QSA)
A third-party PCI Qualified Security Assessor (QSA) assesses company systems and processes on an annual basis and issues an Attestation of Compliance (AOC).
A Qualified Security Assessor is an individual bearing a certificate that has been provided by the PCI Security Standards Council. This certified person can audit merchants for Payment Card Industry Data Security Standard (PCI DSS) compliance.
PCI DSS
Credit cards within the Travel Platform are managed securely to ensure PCI DSS compliance through our partnership with the cloud security platform TokenEx, which is PCI DSS Level 1.

Infrastructure
Kudos' client data is stored in highly secure AWS cloud-hosted data centres located in multiple regional availability zones to support the Kudos Travel Platform. The AWS data centre facilities use innovative secure architectural engineering methodologies, built from decades of experience designing, constructing, and operating large-scale, highly reliable commercial data centres, which are directly applied to Kudos' platform and infrastructure.

Employee Awareness Scheme
We believe in modifying behaviours for the better, not just ticking a compliance box with annual online training. This is why we provide in-house role-specific training to all employees, new joiners and relevant contractors.
Access Control
We implement role-based access control at Kudos. This means that only a limited number of our staff have access to your data, based on their job role.
Business Continuity
Both our application and support services have a variety of measures in place to ensure we can deliver a high-availability service.
Third-Party Vendors
We perform a thorough security audit and subsequent risk assessment on all vendors that will host confidential business or client data. We also use continuous security monitoring to keep track of our vendors.
Technical Security
We have a wide range of technical security measures in place, from advanced Endpoint Detection & Response (EDR), to cloud security and monitoring.
Data Protection & GDPR
We have a thorough compliance program in place. Please see an overview of our data protection measures here.